
December 03, 2007


Romain Gaucher

I think we pretty much all drew the same conclusion about the testing methodology. It needs to be real science to be valuable.

Also, code coverage and crawled links are very questionable metrics. To be more valuable, they need to be related to vulnerability finding. Let's say a tool A is covering 20% of the webapp and is catching 80% of the vulnerabilities... I would definitely prefer that ;)

Ory Segal

Here's a cross-post that I just found:


